ITbuilder Ltd.

05/06/2026

Risk doesn't wait for an owner to be appointed before it starts accumulating.

An organisation can go months — or years — with cyber risk in an informal space between IT operations and senior leadership. Most of the time, nothing immediately terrible happens.

Until it does.

In November 2023, a mid-sized UK accountancy firm experienced a ransomware incident. The attacker had been inside the network for 23 days before detection. The initial access was a compromised credential belonging to a junior member of the accounts team — an account with more permissions than it needed, because nobody had reviewed access rights in over two years.

The firm had Cyber Essentials.
It had an MSP providing 24/7 monitoring.
It had recently passed a GDPR compliance review.

The tools didn't fail. The governance did.

Three weeks of operational disruption. Notification obligations to around 400 clients. Two significant client mandates lost.

The harder truth: when an incident occurs in an organisation without cyber risk governance, accountability doesn't sit with IT. It doesn't sit with the MSP.

It traces to the board.

Article 6 covers the regulatory, commercial and legal consequences of the governance gap — and why they arrive at board level regardless of whether anyone up there identified it.

https://hubs.la/Q04kfP_70
─────────────────────

📅 Webinar: How Leaders Should Govern Cyber Risk
30th June · Live · Free to register

🔗 Read + register: https://hubs.la/Q04kfSJr0

Understanding cyber risk governance is crucial. Without ownership, risks escalate and lead to significant board-level consequences. Learn how to close governance gaps.

04/06/2026

02/06/2026

77% of UK organisations experienced a cyber incident in the past year. Nearly all review incidents after the fact. Only a third have high management engagement in those reviews.

That gap — between tools deployed and leadership actually owning the risk — is where most SMEs remain exposed.
Henry Lawrence, our MD, has written on exactly this: why cyber resilience for UK SMEs is increasingly a governance problem, not a technology one.

→ IT teams can't carry board-level risk decisions alone
→ Incident response plans that aren't rehearsed by leadership don't hold under pressure
→ Compliance certification is a baseline — not an end state
→ Insurance coverage can hinge on whether risk ownership is demonstrable

https://hubs.la/Q04jMXgP0

Henry is also hosting a live webinar on 30 June — governing cyber risk at leadership level. Link in the comments 👇

UK SMEs are making progress in cyber resilience, but a lack of active involvement from leadership and gaps in governance leave critical operational risks unmanaged. Explore practical steps for directors to strengthen oversight and accountability—beyond compliance.

29/05/2026

Your MSP is doing its job. Your SOC is monitoring. Your certification is current.

And yet something feels uncertain.

If that resonates, it's probably because you're sensing a gap that almost nobody is explicit about.

Managed security services are excellent at operational security — keeping systems running, monitored and patched. Compliance frameworks tell you what good looks like. Both are genuinely valuable.

What neither of them does is own your risk on behalf of your board.

There is no tool, certification or service that answers the questions your board actually needs answered:

What is our cyber risk exposure as a business?
Is it at a level the board accepts?
Who is responsible for ensuring it stays that way?

This is the governance gap. It sits above the operational security layer. It's structural. And most organisations don't know it exists.

Article 5 maps it clearly — and introduces our governance readiness checklist, which surfaces the questions your board should be able to answer right now.

─────────────────────

We're also opening registration for our series closing webinar:

📅 How Leaders Should Govern Cyber Risk — And Why Most Don't
30 June · Live · 45 min + Q&A

Register at https://hubs.la/Q04jk-c10

🔗 Article + checklist + register: https://hubs.la/Q04jk-c10

28/05/2026

Many UK SMEs will soon face much stricter expectations around cyber security, not just from regulators but within their own business supply chains.

The new Cyber Security and Resilience Bill is more than another compliance hurdle—it fundamentally shifts cyber risk ownership to business leaders and their boards.

This raises the stakes for those reporting on resilience, and for directors personally.

We share a practical analysis of what’s changing, why it matters for midsized businesses, and where leadership focus is most needed.
Forward-thinking governance is quickly becoming a business imperative.

Read the full article here:

https://hubs.la/Q04j7NHM0

The UK Government’s Cyber Security and Resilience Bill imposes new compliance and cyber risk management duties on managed service providers. Henry Lawrence reviews the challenges for SME leadership teams and offers practical steps to strengthen business resilience.

27/05/2026

🔐 AI Is Part of the Threat — So Should AI Be Part of Your Defence

As digital communication evolves, attackers are using AI to make phishing, malware and account takeover attempts harder to spot. Modern businesses need modern protection that works in real time.

Harmony Email Security uses AI-driven threat intelligence and behavioural analysis to detect advanced threats as they happen — stopping attacks before they reach your team.

Why it matters for UK SMEs:
- Real-time detection reduces successful phishing and account takeovers
- Behavioural analysis spots subtle, AI-powered attacks
- Works alongside your existing email setup for practical protection

Keeping your data safe is non-negotiable. If you’re using a cloud email platform or another provider, Harmony Email Security is a sensible, expert layer to consider.

👉 Want to future-proof your inbox? Talk to ITbuilder about deploying Harmony with sensible, business-focused controls.


https://campaigns.channext.com/itbuilder/email-security?lang=en_US&utm_source=fb&utm_term=37922

26/05/2026

Think you need a big tech team to start with AI?

With Business Central, Copilot is already built in — and you can start using it today.

In practice that means you can:

🔹 Ask questions about your data in plain language
🔹 Reconcile bank statements automatically
🔹 Spot patterns you might miss
🔹 Cut data entry with auto-filled records

Businesses that begin exploring AI now will lead in two years. Keeping your data safe is non-negotiable — and getting started doesn’t have to be complex.

Want a straightforward walkthrough of how Copilot can work for your team?

https://microsoft.channext.com/itbuilder/dynamics-365-business-central-2?lang=en_US&utm_source=fb&utm_term=39477

21/05/2026

💬✨ What Our Clients Are Saying

At ITbuilder, we believe great IT support is about more than fixing issues - it’s about building trust, being responsive, and making life easier for the businesses we support.

Every piece of feedback we receive means a lot to our team. From quick response times to reliable follow-ups and friendly support, we’re proud to help our clients stay secure, connected, and stress-free.

👏 A huge thank you to our amasing clients for your continued trust and kind words.
And to our incredible team - thank you for consistently delivering support that truly makes a difference.

20/05/2026

Is your data split across accounting, sales and spreadsheets?

When teams work from different tools, every simple question becomes a mini research project. Business Central fixes that by bringing finance, sales and inventory into one platform — the same data, accessible from anywhere, one source of truth.

The practical outcome:
🔹 Faster decisions because everyone sees the same numbers
🔹 Less time chasing information across systems
🔹 Teams work more efficiently with consistent data

See how Business Central can work for your organisation with ITbuilder.

https://microsoft.channext.com/itbuilder/dynamics-365-business-central-2?lang=en_US&utm_source=fb&utm_term=39474

19/05/2026

The King's Speech 2026 just raised the bar for UK business cyber compliance — and many SMEs aren't ready. 👑

The proposed Cyber Security and Resilience Bill isn't just an update to existing regulation. It signals a fundamental shift: cybersecurity is now a matter of national policy, and the expectation on business leaders has changed accordingly.

What does that mean in practice?

→ Tighter incident reporting obligations — including for MSPs
→ Board-level risk ownership, not just IT-level awareness
→ Governance that can demonstrate resilience, not just certification

The gap between holding a Cyber Essentials badge and genuinely meeting the direction of travel here is significant. And the organisations that treat this as a compliance checkbox will find themselves exposed — both operationally and reputationally.

In this week's article, Henry Lawrence unpacks what the King's Speech 2026 compliance agenda actually means for UK SMEs, where the real risks lie, and what leaders should be doing now — before the legislation lands.

👉 https://hubs.la/Q04h4bQ60

Explore the impact of the King’s Speech 2026 on UK business compliance. Understand the Cyber Security and Resilience Bill, reporting obligations, and what SMEs must do to manage cyber risk in a rapidly evolving regulatory landscape.